hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C++: Add another test case.

Browse Source
This commit is contained in:
Geoffrey White
2020-10-22 12:41:23 +01:00
parent 3cca8443f8
commit ceea947f5e
5 changed files with 86 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
cpp/ql/test/library-tests/dataflow/taint-tests/vector.cpp
View File

@@ -402,13 +402,36 @@ void test_vector_output_iterator(int b) {
void *memcpy(void *s1, const void *s2, size_t n);
namespace ns_string
{
std::string source();
}
void sink(std::vector<char> &);
void sink(std::string &);
void test_vector_memcpy()
{
std::vector<int> v(100);
int s = source();
int i = 0;
{
std::vector<int> v(100);
int s = source();
int i = 0;
sink(v);
memcpy(&v[i], &s, sizeof(int));
sink(v); // tainted [NOT DETECTED by IR]
sink(v);
memcpy(&v[i], &s, sizeof(int));
sink(v); // tainted [NOT DETECTED by IR]
}
{
std::vector<char> cs(100);
std::string src = ns_string::source();
const size_t offs = 10;
const size_t len = src.length();
sink(src); // tainted
sink(cs);
memcpy(&cs[offs + 1], src.c_str(), len);
sink(src); // tainted
sink(cs); // tainted [NOT DETECTED by IR]
}
}